# phpMyAdmin Setup Guide

This guide explains how to set up phpMyAdmin for managing your MySQL database on your VPS.

## Overview

- **phpMyAdmin Port**: 8081 (mapped to container port 80)
- **MySQL Service Name**: `db` (internal Docker network)
- **Database Name**: `lottery_db`
- **Network**: `lottery-network` (shared with MySQL and backend)

## Security Features

✅ **MySQL port 3306 is NOT exposed** - Only accessible within Docker network
✅ **phpMyAdmin accessible on port 8081** - Can be restricted via firewall
✅ **Upload limit set to 64M** - Prevents large file uploads
✅ **Uses same root password** - From your existing secret file

## Prerequisites

- Docker and Docker Compose installed on VPS
- Existing MySQL database running in Docker
- `DB_ROOT_PASSWORD` environment variable set (from secret file)

## Step-by-Step Deployment

### Step 1: Verify Current Setup

First, check that your MySQL container is running and the database password is accessible:

```bash
cd /opt/app/backend/lottery-be

# Check if MySQL container is running
docker ps | grep lottery-mysql

# Load database password (if not already set)
source scripts/load-db-password.sh

# Verify password is set (without printing the secret to the terminal)
[ -n "$DB_ROOT_PASSWORD" ] && echo "DB_ROOT_PASSWORD is set" || echo "DB_ROOT_PASSWORD is NOT set"
```

### Step 2: Update Docker Compose

The `docker-compose.prod.yml` file has already been updated with the phpMyAdmin service. Verify the changes:

```bash
# View the phpMyAdmin service configuration
grep -A 20 "phpmyadmin:" docker-compose.prod.yml
```

You should see:
- Service name: `phpmyadmin`
- Port mapping: `8081:80`
- PMA_HOST: `db`
- UPLOAD_LIMIT: `64M`

### Step 3: Start phpMyAdmin Service

```bash
cd /opt/app/backend/lottery-be

# Make sure DB_ROOT_PASSWORD is set
source scripts/load-db-password.sh

# Start only the phpMyAdmin service (MySQL should already be running)
docker-compose -f docker-compose.prod.yml up -d phpmyadmin
```

Or if you want to restart all services:

```bash
# Stop all services
docker-compose -f docker-compose.prod.yml down

# Start all services (including phpMyAdmin)
source scripts/load-db-password.sh
docker-compose -f docker-compose.prod.yml up -d
```

### Step 4: Verify phpMyAdmin is Running

```bash
# Check container status
docker ps | grep phpmyadmin

# Check logs for any errors
docker logs lottery-phpmyadmin

# Test if port 8081 is listening
netstat -tlnp | grep 8081
# or
ss -tlnp | grep 8081
```

### Step 5: Configure Firewall (UFW)

On Inferno Solutions VPS (Ubuntu), you need to allow port 8081:

```bash
# Check current UFW status
sudo ufw status

# Allow port 8081 from any source address
sudo ufw allow 8081/tcp

# If you want to restrict to specific IP only (recommended for production):
# sudo ufw allow from YOUR_IP_ADDRESS to any port 8081

# Reload UFW
sudo ufw reload

# Verify the rule was added
sudo ufw status numbered
```

**Security Recommendation**: If you have a static IP, restrict access to that IP only, in place of the open rule above:

```bash
# Replace YOUR_IP_ADDRESS with your actual IP
sudo ufw allow from YOUR_IP_ADDRESS to any port 8081
```

Docker publishes container ports through its own iptables rules, which are evaluated before UFW's, so a UFW rule alone may not limit access to a published port. After adding the rule, test from an address that should be blocked to confirm the restriction is effective.

### Step 6: Access phpMyAdmin

Open your web browser and navigate to:

```
http://YOUR_VPS_IP:8081
```

**Example**: If your VPS IP is `37.1.206.220`, use:
```
http://37.1.206.220:8081
```

### Step 7: Login to phpMyAdmin

Use these credentials:

- **Server**: `db` (or leave as default - phpMyAdmin will auto-detect)
- **Username**: `root`
- **Password**: The value from `SPRING_DATASOURCE_PASSWORD` in your secret file

To get the password:

```bash
# On your VPS
grep SPRING_DATASOURCE_PASSWORD /run/secrets/lottery-config.properties
```

## Verification Checklist

After setup, verify:

- [ ] phpMyAdmin container is running: `docker ps | grep phpmyadmin`
- [ ] Port 8081 is accessible: `curl http://localhost:8081` (should return HTML)
- [ ] Firewall allows port 8081: `sudo ufw status | grep 8081`
- [ ] Can login to phpMyAdmin with root credentials
- [ ] Can see `lottery_db` database in phpMyAdmin
- [ ] MySQL port 3306 is NOT exposed: `netstat -tlnp | grep 3306` (should show nothing or only 127.0.0.1)

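
The port checks from the checklist above, as an added example that is not part of the original guide: it reads `ss -tln` output and reports whether a port is closed, bound to loopback only, or listening on a non-loopback address. The function name `listen_scope` and the sample `ss` output are constructed for illustration.

```bash
#!/bin/sh
# Added example, not part of the original guide.
# listen_scope PORT: reads `ss -tln` output on stdin and prints
#   closed    - nothing listens on PORT
#   loopback  - PORT listens only on 127.0.0.0/8 or ::1
#   exposed   - PORT listens on a wildcard or other non-loopback address
listen_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                       # e.g. 0.0.0.0:8081 or [::1]:3306
            n = split(addr, parts, ":")
            if (parts[n] != port) next      # text after the last ":" is the port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            seen = 1
            if (host !~ /^127\./ && host != "[::1]") exposed = 1
        }
        END {
            if (!seen)        print "closed"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample of `ss -tln` output for the setup in this guide:
# phpMyAdmin published as 8081:80, MySQL (3306) not published at all.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      4096   127.0.0.53%lo:53    0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      4096   0.0.0.0:8081        0.0.0.0:*
LISTEN 0      4096   [::]:8081           [::]:*'

for p in 8081 3306 53; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_SS" | listen_scope "$p")"
done
# On the VPS, feed it live data instead: ss -tln | listen_scope 8081
```

For this guide's setup, 3306 should report `closed`; 8081 reporting `exposed` means the listener is on all interfaces and only packet filtering stands between it and the network.
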
## Security Best Practices

### 1. Restrict Access by IP (Recommended)

Only allow your IP address to access phpMyAdmin:

```bash
# Find your current IP
curl ifconfig.me

# Allow only your IP
sudo ufw delete allow 8081/tcp
sudo ufw allow from YOUR_IP_ADDRESS to any port 8081
```

### 2. Use HTTPS (Optional but Recommended)

If you have a domain and SSL certificate, you can set up Nginx as a reverse proxy:

```nginx
# /etc/nginx/sites-available/phpmyadmin
server {
    listen 443 ssl;
    server_name phpmyadmin.yourdomain.com;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With the proxy in place, port 8081 should no longer be reachable from outside; otherwise the plain-HTTP endpoint stays available alongside the HTTPS one.

### 3. Change Default phpMyAdmin Behavior

You can add additional security settings to the phpMyAdmin service in `docker-compose.prod.yml`:

```yaml
environment:
  # ... existing settings ...
  # Disable certain features for security
  PMA_CONTROLUSER: ''
  PMA_CONTROLPASS: ''
  # Public URL of phpMyAdmin (set when running behind an HTTPS reverse proxy)
  # PMA_ABSOLUTE_URI: https://phpmyadmin.yourdomain.com
```

### 4. Regular Updates

Keep phpMyAdmin updated:

```bash
# Pull latest image
docker-compose -f docker-compose.prod.yml pull phpmyadmin

# Restart service
docker-compose -f docker-compose.prod.yml up -d phpmyadmin
```

## Troubleshooting

### phpMyAdmin Container Won't Start

```bash
# Check logs
docker logs lottery-phpmyadmin

# Common issues:
# 1. DB_ROOT_PASSWORD not set
source scripts/load-db-password.sh
docker-compose -f docker-compose.prod.yml up -d phpmyadmin

# 2. MySQL container not running
docker-compose -f docker-compose.prod.yml up -d db
```

### Cannot Connect to Database

```bash
# Verify MySQL is accessible from phpMyAdmin container
docker exec lottery-phpmyadmin ping -c 3 db

# Check if MySQL is healthy
docker ps | grep lottery-mysql
docker logs lottery-mysql | tail -20
```

### Port 8081 Not Accessible

```bash
# Check if port is listening
sudo netstat -tlnp | grep 8081

# Check firewall
sudo ufw status

# Check if container is running
docker ps | grep phpmyadmin

# Restart phpMyAdmin
docker-compose -f docker-compose.prod.yml restart phpmyadmin
```

### "Access Denied" When Logging In

1. Verify password is correct:
   ```bash
   grep SPRING_DATASOURCE_PASSWORD /run/secrets/lottery-config.properties
   ```

2. Verify `DB_ROOT_PASSWORD` matches:
   ```bash
   source scripts/load-db-password.sh
   echo $DB_ROOT_PASSWORD
   ```

3. Test MySQL connection directly:
   ```bash
   docker exec -it lottery-mysql mysql -u root -p
   # Enter the password when prompted
   ```

## Spring Boot Configuration Verification

Your Spring Boot application should be using the Docker service name for the database connection. Verify:

1. **Secret file** (`/run/secrets/lottery-config.properties`) should contain:
   ```
   SPRING_DATASOURCE_URL=jdbc:mysql://db:3306/lottery_db
   ```

2. **NOT using localhost**:
   - ❌ Wrong: `jdbc:mysql://localhost:3306/lottery_db`
   - ✅ Correct: `jdbc:mysql://db:3306/lottery_db`

To verify:

```bash
grep SPRING_DATASOURCE_URL /run/secrets/lottery-config.properties
```

## Maintenance Commands

```bash
# View phpMyAdmin logs
docker logs lottery-phpmyadmin

# Restart phpMyAdmin
docker-compose -f docker-compose.prod.yml restart phpmyadmin

# Stop phpMyAdmin
docker-compose -f docker-compose.prod.yml stop phpmyadmin

# Start phpMyAdmin
docker-compose -f docker-compose.prod.yml start phpmyadmin

# Remove phpMyAdmin (keeps data)
docker-compose -f docker-compose.prod.yml rm -f phpmyadmin

# Update phpMyAdmin to latest version
docker-compose -f docker-compose.prod.yml pull phpmyadmin
docker-compose -f docker-compose.prod.yml up -d phpmyadmin
```

## Quick Reference

| Item | Value |
|------|-------|
| **URL** | `http://YOUR_VPS_IP:8081` |
| **Username** | `root` |
| **Password** | From `SPRING_DATASOURCE_PASSWORD` in secret file |
| **Server** | `db` (auto-detected) |
| **Database** | `lottery_db` |
| **Container** | `lottery-phpmyadmin` |
| **Port** | `8081` (host) → `80` (container) |
| **Network** | `lottery-network` |

## Next Steps

After phpMyAdmin is set up:

1. ✅ Test login and database access
2. ✅ Verify you can see all tables in `lottery_db`
3. ✅ Set up IP restrictions for better security
4. ✅ Consider setting up HTTPS via Nginx reverse proxy
5. ✅ Document your access credentials securely